AssertionManagerGui

Id scheme	Assertion id	Status	Testable?	#Coverage	#Applies to	Comment	Predicate	Page	Tags	Last changed

ATNA	ATNA-1	to be reviewed	Testable	0	4	I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction.	The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.	77	Section 9.4	10/17/23 5:05:00 PM by Nicolas Bailliet
ATNA	ATNA-14	to delete	Testable	0	2	I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI.	Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction	74	Table 9.4-1	1/3/20 3:47:40 PM by Anne-Gaëlle Bergé
ATNA	ATNA-15	to delete	Testable	0	2		Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Maitain Time [ITI-1] transaction	74	Table 9.4-1	2/24/15 5:36:05 PM by Jean-François Labbe
ATNA	ATNA-16	to be reviewed	Testable	0	2	see previous comment on ITI-19	Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Record Audit Event [ITI-20] transaction	74	Table 9.1-1	8/28/18 9:58:03 AM by Meenal T
ATNA	ATNA-2		Testable	0	3	probably not a testable assertion	Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .	76	Section 9.1.2	7/5/21 9:54:13 AM by Clément Lagorce
ATNA	ATNA-24	to be reviewed	Testable	0	2		Secure Application actors may support the Radiology Audit Trail option	75	Table 9.5-1	2/24/15 5:36:05 PM by Jean-François Labbe
ATNA	ATNA-4		Testable	0	4		The mechanism for logging audit record messages to the audit record repository shall be either Transmission of Syslog Messages over UDP (RFC5426) with The Syslog Protocol (RFC5424) which formalizes and obsoletes Syslog (RFC-3164), either 2) Transmission of Syslog Messages over TLS (RFC5425) with The Syslog Protocol (RFC5424) which formalizes sending syslog messages over a streaming protocol protectable by TLS.	77	Section 9.3	7/5/21 9:54:13 AM by Clément Lagorce
ATNA	ATNA-6		Testable	0	4		A means must be provided to upload the required certificates to the implementation, e.g., via floppy disk or file transfer via network.	77	Section 9.4	7/5/21 9:54:13 AM by Clément Lagorce

to be reviewed

Testable

I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction.

The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node.

77

Section 9.4

10/17/23 5:05:00 PM by Nicolas Bailliet

ATNA

ATNA-14

to delete

Testable

0

2

I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI.

Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction

74

Table 9.4-1

1/3/20 3:47:40 PM by Anne-Gaëlle Bergé

ATNA

ATNA-15

to delete

Testable

0

2

Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Maitain Time [ITI-1] transaction

74

Table 9.4-1

2/24/15 5:36:05 PM by Jean-François Labbe

ATNA

ATNA-16

to be reviewed

Testable

0

2

see previous comment on ITI-19

Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Record Audit Event [ITI-20] transaction

74

Table 9.1-1

8/28/18 9:58:03 AM by Meenal T

ATNA

ATNA-2

Testable

0

3

probably not a testable assertion

Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated .

76

Section 9.1.2

7/5/21 9:54:13 AM by Clément Lagorce

ATNA

ATNA-24

to be reviewed

Testable

0

2

Secure Application actors may support the Radiology Audit Trail option

75

Table 9.5-1

2/24/15 5:36:05 PM by Jean-François Labbe

ATNA

ATNA-4

Testable

0

4

The mechanism for logging audit record messages to the audit record repository shall be either Transmission of Syslog Messages over UDP (RFC5426) with The Syslog Protocol (RFC5424) which formalizes and obsoletes Syslog (RFC-3164), either 2) Transmission of Syslog Messages over TLS (RFC5425) with The Syslog Protocol (RFC5424) which formalizes sending syslog messages over a streaming protocol protectable by TLS.

77

Section 9.3

7/5/21 9:54:13 AM by Clément Lagorce

ATNA

ATNA-6

Testable

0

4

A means must be provided to upload the required certificates to the implementation, e.g., via floppy disk or file transfer via network.

77

Section 9.4

7/5/21 9:54:13 AM by Clément Lagorce

Search Criteria : 8 assertions found for this search Review filtered assertions

Assertion

Applies to

Coverage